Safari RCE Flaw Exploited in the Wild

December 2, 2024

A critical remote code execution (RCE) vulnerability, CVE-2024-44308, has been identified in Apple Safari. It affects several Apple platforms, including iOS, iPadOS, macOS, and visionOS. The vulnerability is located in the JavaScriptCore component of WebKit and enables attackers to execute arbitrary code through maliciously crafted web content. The issue stems from register corruption in WebKit’s DFG JIT compiler, linked to the improper allocation timing of the scratch2GPR register. This flaw can lead to severe security risks, including system compromise, unauthorized access, and potential data theft.

The vulnerability has been actively exploited, with reports indicating that it is being used in targeted operations, particularly against Intel-based Mac systems. Google’s Threat Analysis Group (TAG) discovered and reported the flaw, highlighting the seriousness of the threat. As the flaw affects widely used Apple platforms, including those used for business, education, and personal computing, it has the potential to compromise sensitive data across numerous sectors. Experts believe that the targeted nature of the exploit indicates that it may be part of advanced cyberattacks aimed at specific users or organizations.

In response, Apple has released patches for the affected platforms to address the vulnerability. The updates include Safari 18.1.1, iOS 17.7.2, iPadOS 17.7.2, macOS Sequoia 15.1.1, and visionOS 2.1.1. These updates incorporate improved checks in WebKit to prevent the malicious exploitation of the flaw. Security experts have strongly recommended that users immediately update their devices to the latest software versions to mitigate potential risks associated with this vulnerability. The urgency of the updates is underscored by the high CVSS score of 8.8, reflecting the potential severity and impact of the vulnerability.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included CVE-2024-44308 in its Known Exploited Vulnerabilities Catalog, urging users and organizations to patch affected systems by December 12, 2024. As Mac-based attacks continue to rise, especially with a surge in macOS malware targeting cryptocurrency businesses, the need for stronger security measures has never been more critical. Organizations, particularly those handling sensitive data, are encouraged to implement proactive security strategies, including timely updates and employee awareness training. The discovery and exploitation of this flaw underscore the growing need for enhanced vigilance in securing Apple devices against increasingly sophisticated threats.
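For teams tracking remediation, the sketch below checks a device inventory against the fixed releases and the CISA due date named in this alert. It is an added example, not part of the original alert or any vendor tooling; the function names and inventory rows are constructed, and any OS branch the alert does not list is reported as "unlisted" rather than assumed patched.

```python
from datetime import date

# Fixed releases exactly as listed in the alert, keyed by (product, major branch).
# A branch the alert does not list is reported as "unlisted", never as patched.
FIXED = {
    ("safari", 18): (18, 1, 1),
    ("ios", 17): (17, 7, 2),
    ("ipados", 17): (17, 7, 2),
    ("macos", 15): (15, 1, 1),
    ("visionos", 2): (2, 1, 1),
}
KEV_DUE = date(2024, 12, 12)  # CISA KEV remediation date given in the alert


def parse_version(text):
    """Turn '15.1' into (15, 1, 0); raises ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def assess(product, version, today):
    """Classify one device as 'patched', 'unpatched', 'overdue' or 'unlisted'."""
    try:
        ver = parse_version(version)
    except ValueError:
        return "unlisted"
    fixed = FIXED.get((product.lower(), ver[0]))
    if fixed is None:
        return "unlisted"  # outside the alert's list: check the vendor advisory
    if ver >= fixed:
        return "patched"
    return "overdue" if today > KEV_DUE else "unpatched"


def triage(inventory, today):
    """Map each hostname to its status."""
    return {host: assess(product, version, today) for host, product, version in inventory}


# Constructed inventory rows (hostname, product, version); not real devices.
INVENTORY = [
    ("mac-finance-01", "macOS", "15.1"),
    ("mac-eng-07", "macOS", "15.1.1"),
    ("iphone-sales-3", "iOS", "17.7.1"),
    ("ipad-lab-2", "iPadOS", "18.1"),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY, date(2024, 12, 2)).items():
        print(f"{host}: {status}")
```

Comparing per major branch matters here: a single "minimum version" test would wrongly pass a device on a newer branch whose fixed release is not in the list above.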

Reference:

  • Apple Safari Remote Code Execution Flaw Actively Exploited on Multiple Platforms